Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.

Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.

Which of the following statements BEST describes least privilege principle in a cloud environment?

Network segments remain private if unneeded to access the internet.

A single cloud administrator is configured to access core functions.

Internet traffic is inspected for all incoming and outgoing packets.

Routing configurations are regularly updated with the latest routes.

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

Multiprotocol Label Switching (MPLS)

Synchronous Optical Networking (SONET)

Fiber Channel Over Ethernet (FCoE)

Session Initiation Protocol (SIP)

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

Intrusion Detection System (IDS)

Which of the following is included in change management?

Technical review by business owner

User Acceptance Testing (UAT) before implementation

Cost-benefit analysis (CBA) after implementation

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

Peer-to-Peer (P2P) file sharing applications

Instant messaging or chat applications

Which of the following is the BEST way to protect an organization’s data assets?

Encrypt data in transit and at rest using up-to-date cryptographic algorithms.

Monitor and enforce adherence to security policies.

Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.

Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.

Ensure the business continuity policy, controls, processes, and procedures have been implemented.

Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?

Service Organization Control (SOC) 2 Type 2

Service Organization Control (SOC) 1 Type 2

Service Organization Control (SOC) 1 Type 1

Service Organization Control (SOC) 2 Type 1

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

Organization loses control of their network devices.

Network is flooded with communication traffic by the attacker.

Network management communications is disrupted.

Attacker accesses sensitive information regarding the network topology.

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

Service Organization Control 1 (SOC1)

Statement on Auditing Standards (SAS) 70

Service Organization Control 2 (SOC2)

Service Organization Control 3 (SOC3)

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

Using automated programs to test for the latest known vulnerability patterns

Scheduled team review of coding style and techniques for vulnerability patterns

The regular use of production code routines from similar applications already in use

Ensure code editing tools are updated against known vulnerability patterns

Which of the following options correctly lists the duties in the correct order?

Public safety, duties to principals, duties to individuals, and duties to the profession

Public safety, duties to individuals, duties to the profession, and duties to principals

Public safety, duties to principals, duties to the profession, and duties to individuals

Public safety, duties to the profession, duties to principals, and duties to individuals

Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?

Information Technology Infrastructure Library (ITIL)

Information Technology Service Management (ITSM)

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

In-house team lacks resources to support an on-premise solution.

Third-party solutions are inherently more secure.

Third-party solutions are known for transferring the risk to the vendor.

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

Extensible Markup Language (XML) external entities

Cross-Site Request Forgery (CSRF)

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?

Cross-site request forgery (CSRF)

Which of the following encryption technologies has the ability to function as a stream cipher?

Cipher Block Chaining (CBC) with error propagation

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

Ensuring data integrity and confidentiality

Strong operational security to keep unit members safe

Monitoring network traffic for suspicious activity

Providing user authentication and authorization

Which of the following is security control volatility?

A reference to the likelihood of change in the security control.

A reference to the impact of the security control.

A reference to how unpredictable the security control is.

A reference to the stability of the security control.

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

Proper security controls, security objectives, and security goals are properly initiated.

Security objectives, security goals, and system test are properly conducted.

Proper security controls, security goals, and fault mitigation are properly conducted.

Security goals, proper security controls, and validation are properly initiated.

Which of the following is MOST important to follow when developing information security controls for an organization?

Exercise due diligence with regard to all risk management information to tailor appropriate controls.

Use industry standard best practices for security controls in the organization.

Review all local and international standards and choose the most stringent based on location.

Perform a risk assessment and choose a standard that addresses existing gaps.

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

The RPO is the maximum amount of time for which loss of data is acceptable.

The RPO is the minimum amount of data that needs to be recovered.

The RPO is the amount of time it takes to recover an acceptable percentage of data lost.

The RPO is a goal to recover a targeted percentage of data lost.

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

A brute force password attack on the Secure Shell (SSH) port of the controller

A distributed denial-of-service (DDoS) attack on the network

A phishing attack targeting network administrators

A man-in-the-middle attack on the data plane

Which of the following is the BEST option to reduce the network attack surface of a system?

Disabling unnecessary ports and services

Ensuring that there are no group accounts on the system

Uninstalling default software on the system

Removing unnecessary system user accounts

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

Physically secured storage device

Public key infrastructure (PKI)

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?

Security information and event management (SIEM)

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

Do not acknowledge receiving the request from the former colleague and ignore them.

Access the policy on a company-issued device and let the former colleague view the screen.

E-mail the policy to the colleague as they were already part of the organization and familiar with it.

Submit the request using company official channels to ensure the policy is okay to distribute.

Which of the following BEST describes when an organization should conduct a black box security audit on a new software project?

When the organization is confident the final source code is complete

When the organization wishes to check for non-functional compliance

When the organization wants to enumerate known security vulnerabilities across their infrastructure

When the organization has experienced a security incident

CISSP Final

Quiz

•

Computers

•

Professional Development

•

Practice Problem

•

Hard

Brian OHare

Used 1+ times

FREE Resource

Student preview

Time separation

Security kernel

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

CISSP Final

50 questions

Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?

When assessing the audit capability of an application, which of the following activities is MOST important?

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?

Which type of access control is abbreviated as RBAC?

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

Which of the following statements BEST describes least privilege principle in a cloud environment?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Computers